More SSL Flaws Found by MS

Users of Internet Information Services (IIS) < 6.0 in default mode are not affected by potential man-in-the-middle attack…kinda…must use workarounds…Microsoft advises not to use their workarounds though. In fairness to MS, this is old SSL exploit news that they are acknowledging affects all their current OSs. 

Read the ars technica report…and read a newspaper instead of using wifi at the coffeeshop, or at your clients…or on the trian.

Microsoft warns of TLS/SSL flaw in Windows

By Emil Protalinski | Last updated February 9, 2010 4:12 PM

Microsoft has issued Security Advisory (977377) to address a publicly disclosed vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The TLS and SSL protocols are implemented in several Microsoft products, both client and server. Currently Microsoft has concluded that it affects all supported versions of Windows: Windows 2000 SP4, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), and Windows Server 2008 R2. Microsoft says it will update the advisory as the investigation progresses.

Leave a Reply